我有一个上传系统,它会上传文件然后记录在我的数据库中。无论如何它一切都很好,虽然我怎么能这样做,只有上传图像,没有别的?
我的代码:
if($_POST[add]){
$dataType = $_POST["dataType"];
$title = $_POST["title"];
$fileData = pathinfo(basename($_FILES["image"]["name"]));
$fileName = uniqid() . '.' . $fileData['extension'];
$target_path = ("userfiles/profilepic/" . $fileName);
while(file_exists($target_path))
{
$fileName = uniqid() . '.' . $fileData['extension'];
$target_path = ("userfiles/profilepic/" . $fileName);
}
if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_path))
{
$sql = $dbh->prepare("UPDATE users SET `profilepic` = 'userfiles/profilepic/$fileName' WHERE `id` = '".$member["id"]."'");
$sql->execute();
$retval = $sql->fetch(PDO::FETCH_ASSOC);
echo "Your profile picture has successfully been updated";
}
else
{
echo "oh noes.. there was an error :( Please do try again!";
}
}
答案 0 :(得分:3)
if($_POST[add]){
$file_type = $_FILES['image']['type']; //returns the mimetype
$allowed = array("image/jpeg", "image/gif", "image/png");
if(!in_array($file_type, $allowed)) {
$error_message = 'Only jpg, gif, and png files are allowed.';
echo $error_message;
exit();
}
$dataType = $_POST["dataType"];
... rest of your code below
<强>脚注: